I recently learned about the existence of the Evercookie. Is there any way I can prevent an Evercookie being placed on my computer without disabling JavaScript or cookies entirely? I don't want tracking cookies constantly on my machine that I can't get rid of. Apparently even though my antivirus finds and removes the tracking cookies, they are immediately replicated after deletion.

Maybe I'm just being a little too paranoid, but I don't like the idea of someone putting something on my machine that can track my browsing habits and actively resists my attempts to remove it.

5 Answers
5

Much of the reason for EverCookie is that disabling Javascript and cookies does not prevent you from being tracked. Actually, even if you could protect against EverCookie, it doesn't solve the problem of HTTP referencing (via iframes, imgs etc) nor browser fingerprinting (although using TOR may help). If you're seeking to drop off the map, then most of the things you do to obscure your identity actually make your sessions stand out as unusual (although it's harder to link the session to your identity). It's pretty much the same as using an internet cafe with a bag over your head.

I don't like the idea of someone putting something on my machine that can track my browsing habits

Like a browser? Even in anonymous mode, it's possible to reconstruct a lot of your online activity.

Building a new virual machine doesn't change your IP address (TOR does). But if you use the same virtual machine image or configuration then you'll generate the same browser fingerprint.

There's a good reason why guns have serial numbers and cars have licence plates. I suspect that what you don't want is for someone to abuse the information available about your browsing habits - which is a very different question. Despite the wealth of tools to obscure your identity there's very little available to protect your privacy. And it's a question that really more people should be asking.

Thanks for your answer. Yeah, I don't want someone to be able to abuse the information in any way. Plus on a more fundamental level, I don't believe it's anyone's right to even possess that information without my consent or a legal warrant.
–
asteriJun 28 '13 at 16:06

If you really are worried, build yourself a new virtual machine each time you want to use the Internet.

If may be that some websites take a signature from everyone who connects to them so if you are that worried you should also connect from a different physical location each time, use TOR etc. But this process will negatively impact your enjoyment of the delights the Internet has to offer.

Actually this is probably the best advice, and not so hard to actually realize. A common strategy when dealing with rootkits and such is to have a static read-only VM image which you have setup with all the tools you want, and you simply reload from that every time you want to do something.
–
Darius JahandarieJun 27 '13 at 20:33

For real anonymous browsing I use TailsOS loaded in a VM . It uses TOR and Privoxy. However I don't log into my personal accounts because you don't know who is listening at the end nodes :) If you just want to take care of evercookies use CCleaner they say they clear those out there's a discussion about how evercookies are handled by CCleaner Here
HTH

+1 for the "I don't log into my personal accounts because you don't know who is listening at the end nodes"
–
LexJun 28 '13 at 10:42

Do you need to load TailsOS from a VM solely so that the MAC address can be changed? If yes, how long until TailsOS has that feature builtin?
–
GaiaOct 3 '13 at 3:47

You don't have to load TailsOS in a VM it's just the way I prefer to do it. The best way to change the MAC address would be through the virtualization software when you're configuring the network settings for that VM. You MAC address won't leave your local network so it's usually not that important to change it unless you're at a coffee shop or airport.
–
Four_0h_ThreeOct 3 '13 at 19:39

One option would be to have your browser prompt you before accepting cookies. This would allow you to keep cookie functionality enabled while giving you a choice on whether to accept each individual cookie. This is not very convenient, but it could be a workable solution for certain cases.